Lucene search
+L

9 matches found

ubuntu
ubuntu
added 2023/05/24 9:57 a.m.54 views

USN-6102-1: xmldom vulnerabilities

It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause unexpected syntactic changes during XML processing. This issue only affected Ubuntu...

9.8CVSS7.1AI score0.01535EPSS
Exploits1
nessus
nessus
added 2023/05/24 12:0 a.m.68 views

Ubuntu 20.04 LTS / 22.04 LTS : xmldom vulnerabilities (USN-6102-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6102-1 advisory. It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially...

9.8CVSS7AI score0.01535EPSS
Exploits1References4
ibm
ibm
added 2023/01/03 9:5 a.m.64 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to xmldom vulnerability [CVE-2022-37616]

Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to xmldom vulnerability with details below. CVE-2022-37616 This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-37616 DESCRIPTION: xmldom could allow a remote attacker to...

9.8CVSS9.8AI score0.01535EPSS
Exploits0Affected Software1
ibm
ibm
added 2022/12/01 4:19 p.m.30 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands that process XML may be vulnerable to arbitrary code execution due to [CVE-2022-37616]

Summary Node.js module @xmldom/xmldom is used by IBM App Connect Enterprise Certified Container for processing XML. IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands that process XML data may be vulnerable to arbitrary code execution. This bulletin...

9.8CVSS9.7AI score0.01535EPSS
Exploits0Affected Software1
osv
osv
added 2022/10/11 5:15 a.m.8 views

AZL-38290 CVE-2022-37616 affecting package python-tensorboard for versions less than 2.16.2-1

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

9.8CVSS7.4AI score0.01535EPSS
Exploits0References1
debiancve
debiancve
added 2022/10/11 12:0 a.m.42 views

CVE-2022-37616

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

9.8CVSS9.5AI score0.01535EPSS
Exploits0
osv
osv
added 2022/10/11 12:0 a.m.24 views

CVE-2022-37616

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

9.8CVSS9.4AI score0.01535EPSS
Exploits0References12
cve
cve
added 2022/10/11 12:0 a.m.116 views

CVE-2022-37616

CVE-2022-37616: The xmldom package (@xmldom/xmldom) for Node.js contains a prototype pollution flaw in dom.js: the copy function can pollute Object.prototype via the p variable, affecting all versions prior to 0.8.3. This vulnerability is rated with CVSS 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (b...

9.8CVSS9.3AI score0.01535EPSS
Exploits0References10Affected Software1
cvelist
cvelist
added 2022/10/11 12:0 a.m.38 views

CVE-2022-37616

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...

9.6AI score0.01535EPSS
Exploits0References10
Rows per page
Query Builder