4 matches found
OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 o...
SUSE: Security Advisory (SUSE-SU-2022:2819-1)
The remote host is missing an update for the...
SAP NetWeaver Knowledge Management Configuration Service Operating System Command Injection Vulnerability
SAP NetWeaver Knowledge Management Configuration Service is a knowledge management solution configuration service from SAP, Germany. An operating system command injection vulnerability exists in SAP NetWeaver Knowledge Management XML Forms versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, which allows...
CSS and HTML injection through Style Inspector — Mozilla
Security researcher Mariusz Mlynski reported that when a maliciously crafted stylesheet is inspected in the Style Inspector, HTML and CSS can run in a chrome privileged context without being properly sanitized first. This can lead to arbitrary code execution...