237 matches found
MAL-2023-1501 Malicious code in wpi-xmldom (npm)
Source: ossf-package-analysis 5ca72dd827e914309265980a13573c7017021ad948c7fb748b36707a9aa85e47 The OpenSSF Package Analysis project identified 'wpi-xmldom' @ 2.2.2 npm as malicious. It is considered malicious because: - The package...
CVE-2021-21366
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpect...
Ubuntu: Security Advisory (USN-6102-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
USN-6102-1: xmldom vulnerabilities
It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause unexpected syntactic changes during XML processing. This issue only affected Ubuntu...
USN-6102-1 node-xmldom vulnerabilities
It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause unexpected syntactic changes during XML processing. This issue only affected Ubuntu...
Security Bulletin: A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Automation Manager
Summary A security vulnerability in Node.js xmldom and msgpack5 module affects IBM Cloud Automation Manager. Vulnerability Details CVEID:CVE-2021-21366 DESCRIPTION: Node.js xmldom module could allow a remote attacker to bypass security restrictions, caused by improper preserve of system...
Debian dla-3260 : node-xmldom - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3260 advisory. Debian LTS Advisory DLA-3260-1 [email protected]...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to xmldom vulnerability [CVE-2022-37616]
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to xmldom vulnerability with details below. CVE-2022-37616 This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-37616 DESCRIPTION: xmldom could allow a remote attacker to...
Debian: Security Advisory (DLA-3260-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] [DLA 3260-1] node-xmldom security update
Debian LTS Advisory DLA-3260-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 01, 2023 https://wiki.debian.org/LTS Package : node-xmldom Version : 0.1.27+ds-1+deb10u2 CVE ID : CVE-2021-21366 CVE-2022-39353 Debian Bug : 1024736 It was discovered that...
DLA-3260-1 node-xmldom - security update
Bulletin has no description...
Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Node [CVE-2022-39353]
Summary Vulnerabilities in xmldom module may compromise the authentication mechanism of the Spectrum Control Product. CVE-2022-39353 This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-39353 DESCRIPTION: Node.js xmldom module could allow a remote attacker to bypass securit...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execute arbitrary code on the system, caused by an insecure interpolation defaults flaw. By sendi...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to the module xmldom [CVE-2022-39353]
Summary IBM App Connect Enterprise is vulnerable to a remote attacker due to the module xmldom. CVE-2022-39353 The resolving fix includes xmldom 0.8.5 and 0.8.6 Vulnerability Details CVEID:CVE-2022-39353 DESCRIPTION: Node.js xmldom module could allow a remote attacker to bypass security...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to privilege escalation due to CVE-2022-39353
Summary Node.js module xmldom is used by IBM App Connect Enterprise Certified Container for parsing XML documents. IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to privilege escalation. This bulletin provides patch information to...
Security Bulletin: IBM App Connect Enterprise Certified Container operands that process XML may be vulnerable to arbitrary code execution due to [CVE-2022-37616]
Summary Node.js module @xmldom/xmldom is used by IBM App Connect Enterprise Certified Container for processing XML. IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands that process XML data may be vulnerable to arbitrary code execution. This bulletin...
CVE-2022-39353
A flaw was found in the xmldom package. The xmldom parses XML that is not well-formed because it contains multiple top-level elements, adding all root nodes to the childNodes collection of the Document without reporting errors or throwing. This breaks the assumption that there is only a single ro...
Improper Input Validation
xmldom is vulnerable to improper input validation. The vulnerability exists in dom.js because the DOMParser and XMLSerializer modules are not properly validated which allows an attacker to access the system and perform unauthorized actions...
AZL-38671 CVE-2022-39353 affecting package python-tensorboard for versions less than 2.16.2-1
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...