Lucene search
DebianDEBIAN:8FFA0DA308437D5AD3AE5E23EAE15ADD:EB5A6HistoryJun 26, 2014 - 5:10 p.m.
lxml security update
2014-06-2617:10:22
lists.debian.org
12
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.7%
Package : lxml
Version : 2.2.8-2+deb6u1
CVE ID : CVE-2014-3146
Debian Bug : #746812
It was discovered that clean_html() function of lxml (pythonic bindings
for the libxml2 and libxslt libraries) performed insufficient sanitisation
for some non-printable characters. This could lead to cross-site
scripting.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | sparc | python-lxml-dbg | < 2.3.2-1+deb7u1 | python-lxml-dbg_2.3.2-1+deb7u1_sparc.deb |
| Debian | 6 | amd64 | python3-lxml-dbg | < 2.2.8-2+deb6u1 | python3-lxml-dbg_2.2.8-2+deb6u1_amd64.deb |
| Debian | 7 | s390 | python-lxml-dbg | < 2.3.2-1+deb7u1 | python-lxml-dbg_2.3.2-1+deb7u1_s390.deb |
| Debian | 6 | amd64 | python3-lxml | < 2.2.8-2+deb6u1 | python3-lxml_2.2.8-2+deb6u1_amd64.deb |
| Debian | 7 | amd64 | python3-lxml-dbg | < 2.3.2-1+deb7u1 | python3-lxml-dbg_2.3.2-1+deb7u1_amd64.deb |
| Debian | 7 | sparc | python-lxml | < 2.3.2-1+deb7u1 | python-lxml_2.3.2-1+deb7u1_sparc.deb |
| Debian | 7 | armel | python-lxml | < 2.3.2-1+deb7u1 | python-lxml_2.3.2-1+deb7u1_armel.deb |
| Debian | 7 | i386 | python3-lxml-dbg | < 2.3.2-1+deb7u1 | python3-lxml-dbg_2.3.2-1+deb7u1_i386.deb |
| Debian | 6 | i386 | python-lxml | < 2.2.8-2+deb6u1 | python-lxml_2.2.8-2+deb6u1_i386.deb |
| Debian | 7 | mips | python-lxml-dbg | < 2.3.2-1+deb7u1 | python-lxml-dbg_2.3.2-1+deb7u1_mips.deb |
Related
openvas
openvas
Debian Security Advisory DSA 2941-1 (lxml - security update)
2014-06-01 00:00:00
Debian: Security Advisory (DSA-2941-1)
2014-05-31 00:00:00
Mageia: Security Advisory (MGASA-2014-0218)
2022-01-28 00:00:00
prion
prion
Cross site scripting
2014-05-14 19:55:00
Design/Logic Flaw
2018-12-02 10:29:00
osv
osv
lxml - security update
2014-06-01 00:00:00
lxml - security update
2014-06-26 00:00:00
PYSEC-2014-9
2014-05-14 19:55:00
debiancve
debiancve
CVE-2014-3146
2014-05-14 19:55:00
CVE-2018-19787
2018-12-02 10:29:00
nessus
nessus
Mandriva Linux Security Advisory : python-lxml (MDVSA-2015:112)
2015-03-30 00:00:00
openSUSE Security Update : python-lxml (openSUSE-SU-2014:0735-1)
2014-06-13 00:00:00
SuSE 11.3 Security Update : python-lxml (SAT Patch Number 9821)
2014-10-11 00:00:00
cve
cve
CVE-2014-3146
2014-05-14 19:55:00
CVE-2018-19787
2018-12-02 10:29:00
ubuntu
ubuntu
lxml vulnerability
2014-05-21 00:00:00
debian
debian
lxml security update
2014-06-26 17:16:35
[SECURITY] [DSA 2941-1] lxml security update
2014-06-01 08:36:18
[SECURITY] [DLA 1604-1] lxml security update
2018-12-10 08:47:41
ubuntucve
ubuntucve
CVE-2014-3146
2014-05-14 00:00:00
CVE-2018-19787
2018-12-02 00:00:00
mageia
mageia
Updated python-lxml package fix CVE-2014-3146
2014-05-15 02:10:47
github
github
lxml Cross-site Scripting Via Control Characters
2022-05-14 04:01:59
Improper Neutralization of Input During Web Page Generation in LXML
2022-05-13 01:13:21
redhatcve
redhatcve
CVE-2018-19787
2018-12-17 23:08:11
securityvulns
securityvulns
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.013 Low
EPSS
Percentile
85.7%
Related for DEBIAN:8FFA0DA308437D5AD3AE5E23EAE15ADD:EB5A6