13 matches found
CVE-2022-39353 affecting package python-tensorboard for versions less than 2.16.2-1
CVE-2022-39353 affecting package python-tensorboard for versions less than 2.16.2-1. An upgraded version of the package is available that resolves this issue...
USN-6102-1: xmldom vulnerabilities
It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause unexpected syntactic changes during XML processing. This issue only affected Ubuntu...
Ubuntu 20.04 LTS / 22.04 LTS : xmldom vulnerabilities (USN-6102-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6102-1 advisory. It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially...
Debian: Security Advisory (DLA-3260-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3260-1] node-xmldom security update
Debian LTS Advisory DLA-3260-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 01, 2023 https://wiki.debian.org/LTS Package : node-xmldom Version : 0.1.27+ds-1+deb10u2 CVE ID : CVE-2021-21366 CVE-2022-39353 Debian Bug : 1024736 It was discovered that...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to privilege escalation due to CVE-2022-39353
Summary Node.js module xmldom is used by IBM App Connect Enterprise Certified Container for parsing XML documents. IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to privilege escalation. This bulletin provides patch information to...
CVE-2022-39353
A flaw was found in the xmldom package. The xmldom parses XML that is not well-formed because it contains multiple top-level elements, adding all root nodes to the childNodes collection of the Document without reporting errors or throwing. This breaks the assumption that there is only a single ro...
CVE-2022-39353 xmldom allows multiple root nodes in a DOM
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...
CVE-2022-39353
CVE-2022-39353 — The xmldom library’s DOMParser can parse XML with multiple top-level elements, adding multiple root nodes to Document.childNodes without error. This violates the single-root assumption and is the underlying issue that prompted CVE-2022-39299. Affected: xmldom (JavaScript XML DOM ...
CVE-2022-39353
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...
CVE-2022-39353 xmldom allows multiple root nodes in a DOM
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...
2c2p-integration (>=0.2.0 <=0.2.2), 4help-shared (>=1.0.8 <=1.0.15) +3878 more potentially affected by CVE-2022-39353 via @xmldom/xmldom (>=0.7.0 <=0.7.6)
@xmldom/xmldom NPM version =0.7.0, =0.2.0, =1.0.8, =0.1.3, =0.0.7, =0.3.31, =1.0.4, =1.0.0, =2.1.0-develop-2ff6c7-mckmjkzz, =2.1.0-renovate-fdebc6-mhg3djx8 - @abcd19/st-grid =3.1.0 - @abdullahceylan/expo-cli =0.2.6 and more Source cves: CVE-2022-39353 Source advisory: OSV:GHSA-CRH6-FP67-6883...
08cms (=1.0.0), 0uth (>=1.0.5 <=1.2.1) +13070 more potentially affected by CVE-2022-39353 via xmldom (>=0.1.11 <=0.6.0)
xmldom NPM version =0.1.11, =1.0.5, =1.0.0, =1.0.0, =1.7.3, =0.1.0, =0.0.2, =0.0.1, =1.0.2, =1.0.3, =1.0.23, =1.0.1, =1.3.1 and more Source cves: CVE-2022-39353 Source advisory: OSV:GHSA-CRH6-FP67-6883...