Microsoft · Azure CLI · CVE-2023-36052
**Name of the Vulnerable Software and Affected Versions**
Azure CLI versions prior to the fixed version
**Description**
The issue is related to a lack of protection for service data in the Azure CLI, which a remote attacker can exploit to gain access to credentials. The estimated number of potentially affected devices is not specified. There have been reports of this issue being exploited in real-world incidents, but details are not provided. Technical details about exploitation include the potential for information disclosure through REST commands. The `username` and `password` variables may be vulnerable, but specific details are not provided. The `/api/v1/login` endpoint may be affected, but this is not explicitly stated.
**Recommendations**
As a temporary workaround, consider disabling the use of REST commands in the Azure CLI until a patch is available. Restrict access to sensitive credentials to minimize the risk of exploitation. Avoid using the `username` and `password` variables in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.