9 matches found
USN-6102-1: xmldom vulnerabilities
It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause unexpected syntactic changes during XML processing. This issue only affected Ubuntu...
Ubuntu 20.04 LTS / 22.04 LTS : xmldom vulnerabilities (USN-6102-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6102-1 advisory. It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially...
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to xmldom vulnerability [CVE-2022-37616]
Summary Automation Assets in IBM Cloud Pak for Integration is vulnerable to remote code execution due to xmldom vulnerability with details below. CVE-2022-37616 This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-37616 DESCRIPTION: xmldom could allow a remote attacker to...
Security Bulletin: IBM App Connect Enterprise Certified Container operands that process XML may be vulnerable to arbitrary code execution due to [CVE-2022-37616]
Summary Node.js module @xmldom/xmldom is used by IBM App Connect Enterprise Certified Container for processing XML. IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands that process XML data may be vulnerable to arbitrary code execution. This bulletin...
AZL-38290 CVE-2022-37616 affecting package python-tensorboard for versions less than 2.16.2-1
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...
CVE-2022-37616
CVE-2022-37616: The xmldom package (@xmldom/xmldom) for Node.js contains a prototype pollution flaw in dom.js: the copy function can pollute Object.prototype via the p variable, affecting all versions prior to 0.8.3. This vulnerability is rated with CVSS 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (b...
CVE-2022-37616
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom published as @xmldom/xmldom package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the positio...