Search for vulnerabilities
Vulnerability details: VCID-738u-1m1q-aaaa
Vulnerability ID VCID-738u-1m1q-aaaa
Aliases CVE-2022-34169
GHSA-9339-86wc-4qgf
Summary The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-681 Incorrect Conversion between Numeric Types
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-192 Integer Coercion Error
System Score Found at
cvssv3.1 7.5 http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html
generic_textual HIGH http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html
rhas Important https://access.redhat.com/errata/RHSA-2022:5681
rhas Important https://access.redhat.com/errata/RHSA-2022:5683
rhas Important https://access.redhat.com/errata/RHSA-2022:5684
rhas Important https://access.redhat.com/errata/RHSA-2022:5685
rhas Important https://access.redhat.com/errata/RHSA-2022:5687
rhas Important https://access.redhat.com/errata/RHSA-2022:5695
rhas Important https://access.redhat.com/errata/RHSA-2022:5696
rhas Important https://access.redhat.com/errata/RHSA-2022:5697
rhas Important https://access.redhat.com/errata/RHSA-2022:5698
rhas Important https://access.redhat.com/errata/RHSA-2022:5700
rhas Important https://access.redhat.com/errata/RHSA-2022:5701
rhas Important https://access.redhat.com/errata/RHSA-2022:5709
rhas Important https://access.redhat.com/errata/RHSA-2022:5726
rhas Important https://access.redhat.com/errata/RHSA-2022:5736
rhas Important https://access.redhat.com/errata/RHSA-2022:5755
rhas Important https://access.redhat.com/errata/RHSA-2022:5756
rhas Important https://access.redhat.com/errata/RHSA-2022:5757
rhas Important https://access.redhat.com/errata/RHSA-2022:5758
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34169.json
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00165 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00385 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00385 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00385 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.00385 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.10837 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.11098 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.11457 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.11457 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.11457 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.11457 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.11457 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.11457 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.11457 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.11457 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.11457 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.11457 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.11457 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.1173 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.1173 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.1173 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.1173 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.1173 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.1173 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.1173 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.1173 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.1173 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.1173 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.1173 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
epss 0.17425 https://api.first.org/data/v1/epss?cve=CVE-2022-34169
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=2108554
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://gitbox.apache.org/repos/asf?p=xalan-java.git
generic_textual HIGH https://gitbox.apache.org/repos/asf?p=xalan-java.git
cvssv3.1 7.5 https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=2e60d0a9a5b822c4abf9051857973b1c6babfe81
generic_textual HIGH https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=2e60d0a9a5b822c4abf9051857973b1c6babfe81
cvssv3.1 7.5 https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=ab57211e5d2e97cbed06786f919fa9b749c83573
generic_textual HIGH https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=ab57211e5d2e97cbed06786f919fa9b749c83573
cvssv3.1 7.5 https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=da3e0d06b467247643ce04e88d3346739d119f21
generic_textual HIGH https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=da3e0d06b467247643ce04e88d3346739d119f21
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-9339-86wc-4qgf
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-9339-86wc-4qgf
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-9339-86wc-4qgf
cvssv3.1 7.5 https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
generic_textual HIGH https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
cvssv3.1 7.5 https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
generic_textual HIGH https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
cvssv3.1 7.5 https://lists.apache.org/thread/x3f7xv3p1g32qj2hlg8wd57pwcpld471
generic_textual HIGH https://lists.apache.org/thread/x3f7xv3p1g32qj2hlg8wd57pwcpld471
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-34169
cvssv3.1 7.5 https://security.netapp.com/advisory/ntap-20220729-0009
generic_textual HIGH https://security.netapp.com/advisory/ntap-20220729-0009
cvssv3.1 6.5 https://security.netapp.com/advisory/ntap-20240621-0006
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20240621-0006
cvssv3.1 7.5 https://www.debian.org/security/2022/dsa-5188
generic_textual HIGH https://www.debian.org/security/2022/dsa-5188
cvssv3.1 7.5 https://www.debian.org/security/2022/dsa-5192
generic_textual HIGH https://www.debian.org/security/2022/dsa-5192
cvssv3.1 7.5 https://www.debian.org/security/2022/dsa-5256
generic_textual HIGH https://www.debian.org/security/2022/dsa-5256
cvssv3.1 7.5 https://www.oracle.com/security-alerts/cpujul2022.html
generic_textual HIGH https://www.oracle.com/security-alerts/cpujul2022.html
cvssv3.1 7.5 https://xalan.apache.org
generic_textual HIGH https://xalan.apache.org
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2022/07/19/5
generic_textual HIGH http://www.openwall.com/lists/oss-security/2022/07/19/5
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2022/07/19/6
generic_textual HIGH http://www.openwall.com/lists/oss-security/2022/07/19/6
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2022/07/20/2
generic_textual HIGH http://www.openwall.com/lists/oss-security/2022/07/20/2
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2022/07/20/3
generic_textual HIGH http://www.openwall.com/lists/oss-security/2022/07/20/3
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2022/10/18/2
generic_textual HIGH http://www.openwall.com/lists/oss-security/2022/10/18/2
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2022/11/04/8
generic_textual HIGH http://www.openwall.com/lists/oss-security/2022/11/04/8
cvssv3.1 9.8 http://www.openwall.com/lists/oss-security/2022/11/07/2
generic_textual CRITICAL http://www.openwall.com/lists/oss-security/2022/11/07/2
Reference id Reference type URL
http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34169.json
https://api.first.org/data/v1/epss?cve=CVE-2022-34169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://gitbox.apache.org/repos/asf?p=xalan-java.git
https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=2e60d0a9a5b822c4abf9051857973b1c6babfe81
https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=ab57211e5d2e97cbed06786f919fa9b749c83573
https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=da3e0d06b467247643ce04e88d3346739d119f21
https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
https://lists.apache.org/thread/x3f7xv3p1g32qj2hlg8wd57pwcpld471
https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB/
https://security.netapp.com/advisory/ntap-20220729-0009
https://security.netapp.com/advisory/ntap-20220729-0009/
https://security.netapp.com/advisory/ntap-20240621-0006
https://www.debian.org/security/2022/dsa-5188
https://www.debian.org/security/2022/dsa-5192
https://www.debian.org/security/2022/dsa-5256
https://www.oracle.com/security-alerts/cpujul2022.html
https://xalan.apache.org
http://www.openwall.com/lists/oss-security/2022/07/19/5
http://www.openwall.com/lists/oss-security/2022/07/19/6
http://www.openwall.com/lists/oss-security/2022/07/20/2
http://www.openwall.com/lists/oss-security/2022/07/20/3
http://www.openwall.com/lists/oss-security/2022/10/18/2
http://www.openwall.com/lists/oss-security/2022/11/04/8
http://www.openwall.com/lists/oss-security/2022/11/07/2
1015860 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015860
2108554 https://bugzilla.redhat.com/show_bug.cgi?id=2108554
cpe:2.3:a:apache:xalan-java:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:xalan-java:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:20.3.6:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:21.3.2:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:graalvm:22.1.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:11.0.15.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:17.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.7.0:update343:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:18.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jdk:1.8.0:update333:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:11.0.15.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:17.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.7.0:update343:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:18.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jre:1.8.0:update333:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
CVE-2022-34169 https://nvd.nist.gov/vuln/detail/CVE-2022-34169
GHSA-9339-86wc-4qgf https://github.com/advisories/GHSA-9339-86wc-4qgf
GLSA-202401-25 https://security.gentoo.org/glsa/202401-25
GLSA-202405-16 https://security.gentoo.org/glsa/202405-16
RHSA-2022:5681 https://access.redhat.com/errata/RHSA-2022:5681
RHSA-2022:5683 https://access.redhat.com/errata/RHSA-2022:5683
RHSA-2022:5684 https://access.redhat.com/errata/RHSA-2022:5684
RHSA-2022:5685 https://access.redhat.com/errata/RHSA-2022:5685
RHSA-2022:5687 https://access.redhat.com/errata/RHSA-2022:5687
RHSA-2022:5695 https://access.redhat.com/errata/RHSA-2022:5695
RHSA-2022:5696 https://access.redhat.com/errata/RHSA-2022:5696
RHSA-2022:5697 https://access.redhat.com/errata/RHSA-2022:5697
RHSA-2022:5698 https://access.redhat.com/errata/RHSA-2022:5698
RHSA-2022:5700 https://access.redhat.com/errata/RHSA-2022:5700
RHSA-2022:5701 https://access.redhat.com/errata/RHSA-2022:5701
RHSA-2022:5709 https://access.redhat.com/errata/RHSA-2022:5709
RHSA-2022:5726 https://access.redhat.com/errata/RHSA-2022:5726
RHSA-2022:5736 https://access.redhat.com/errata/RHSA-2022:5736
RHSA-2022:5753 https://access.redhat.com/errata/RHSA-2022:5753
RHSA-2022:5754 https://access.redhat.com/errata/RHSA-2022:5754
RHSA-2022:5755 https://access.redhat.com/errata/RHSA-2022:5755
RHSA-2022:5756 https://access.redhat.com/errata/RHSA-2022:5756
RHSA-2022:5757 https://access.redhat.com/errata/RHSA-2022:5757
RHSA-2022:5758 https://access.redhat.com/errata/RHSA-2022:5758
RHSA-2024:10207 https://access.redhat.com/errata/RHSA-2024:10207
RHSA-2024:10208 https://access.redhat.com/errata/RHSA-2024:10208
RHSA-2024:3708 https://access.redhat.com/errata/RHSA-2024:3708
RHSA-2024:8823 https://access.redhat.com/errata/RHSA-2024:8823
RHSA-2024:8824 https://access.redhat.com/errata/RHSA-2024:8824
RHSA-2024:8826 https://access.redhat.com/errata/RHSA-2024:8826
USN-5546-1 https://usn.ubuntu.com/5546-1/
USN-5546-2 https://usn.ubuntu.com/5546-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://packetstormsecurity.com/files/168186/Xalan-J-XSLTC-Integer-Truncation.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34169.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://gitbox.apache.org/repos/asf?p=xalan-java.git
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=2e60d0a9a5b822c4abf9051857973b1c6babfe81
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=ab57211e5d2e97cbed06786f919fa9b749c83573
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://gitbox.apache.org/repos/asf?p=xalan-java.git;a=commit;h=da3e0d06b467247643ce04e88d3346739d119f21
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread/12pxy4phsry6c34x2ol4fft6xlho4kyw
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread/2qvl7r43wb4t8p9dd9om1bnkssk07sn8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.apache.org/thread/x3f7xv3p1g32qj2hlg8wd57pwcpld471
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2022/10/msg00024.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4YNJSJ64NPCNKFPNBYITNZU5H3L4D6L
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5OZNAZJ4YHLOKRRRZSWRT5OJ25E4XLM
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN3EVGR7FD3ZLV5SBTJXUIDCMSK4QUE2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KO3DXNKZ4EU3UZBT6AAR4XRKCD73KLMO
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3XPOTPPBZIPFBZHQE5E7OW6PDACUMCJ
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YULPNO3PAWMEQQZV2C54I3H3ZOXFZUTB
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-34169
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://security.netapp.com/advisory/ntap-20220729-0009
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20240621-0006
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.debian.org/security/2022/dsa-5188
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.debian.org/security/2022/dsa-5192
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.debian.org/security/2022/dsa-5256
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://www.oracle.com/security-alerts/cpujul2022.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://xalan.apache.org
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2022/07/19/5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2022/07/19/6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2022/07/20/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2022/07/20/3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2022/10/18/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2022/11/04/8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2022/11/07/2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.53850
EPSS Score 0.00165
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.