npm react-native-keys 安全漏洞

npm react-native-keys is a mobile environment variable security library from US-based npm. A security vulnerability exists in npm react-native-keys version 0.7.11, which stems from encrypted passwords and Base64 blocks being stored in plaintext in compiled native binaries, potentially leading to...

PT-2022-27488 · Jenkins · Jenkins Violations Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Violations Plugin versions 0.7.11 and earlier Description: The issue arises from the Jenkins Violations Plugin not configuring its XML parser to prevent XML external entity XXE attacks. This allows attackers to control XML input files...

IlohaMail Arbitrary File Access via Language Variable

The target is running at least one instance of IlohaMail version 0.7.10 or earlier. Such versions contain a flaw in the processing of the language variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user. OpenVAS Vulnerability Test $Id:...