

The backdoor is the democritus-html package. The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party.

The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service. An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. Exploitation of this issue does not require user interaction. An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. Users are recommended to upgrade to version 1.16. Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. This issue affects Apache XML Graphics prior to 1.16. Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. The XXE injection causes Splunk Web to embed incorrect documents into an error. In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can perform an extensible markup language (XML) external entity (XXE) injection via a custom View. In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. NOTE: this only affects an "unsupported, production-like configuration." Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. The affected version of d8s-htm is 0.1.0. An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2.
The potential code-execution backdoor inserted by third parties is the democritus-utility package. The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. CBRN-Analysis before 22 allows XXE attacks via an mws XML document, leading to NTLMv2-SSP hash disclosure.
