Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript.

Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. The XXE injection causes Splunk Web to embed incorrect documents into an error.

In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."

The d8s-xml for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-utility package. The affected version of d8s-htm is 0.1.0.

CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure.