5 matches found
DEBIAN-CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties take the positio...
UBUNTU-CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties take the positio...
PT-2022-21787 · Inventree · Inventree
Name of the Vulnerable Software and Affected Versions: Inventree versions prior to 0.8.3. Description: The issue is related to stored Cross-site Scripting (XSS) in the GitHub repository inventree/inventree. This occurs by uploading SVG files, allowing for the storage of malicious scripts that can be...
CVE-2021-36376
dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory...
DEBIAN-CVE-2011-3504
The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file...