MiracleLinux 7 : python-lxml-3.2.1-4.0.1.el7.AXS7 (AXSA:2024-8989:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-8989:01 advisory. CVE-2021-43818: prevent certain crafted script content passing through in HTML Cleaner CVEs: CVE-2021-43818 lxml is a library for processing XML and HTML in...

MiracleLinux 8 : python38:3.8 and python38-devel:3.8 (AXSA:2022-3598:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3598:01 advisory. python: urllib: Regular expression DoS in AbstractBasicAuthHandler CVE-2021-3733 python-lxml: HTML Cleaner allows crafted and SVG embedded scripts t...

MiracleLinux 8 : python-lxml-4.2.3-4.el8 (AXSA:2022-3370:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3370:01 advisory. python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818 Tenable has extracted the preceding description block direct...

TencentOS Server 3: python-lxml (TSSA-2022:0172)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0172 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

TencentOS Server 3: httpd:2.4 (TSSA-2023:0161)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0161 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Alibaba Cloud Linux 3 : 0152: python-lxml (ALINUX3-SA-2023:0152)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0152 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-43818: lxml is a library for processing XM...

RHEL 7 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818 - An iss...

RHEL 6 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818 - An iss...

CentOS 9 : python-lxml-4.6.5-1.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python- lxml-4.6.5-1.el9 build changelog. - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain...

NewStart CGSL MAIN 6.06 : python-lxml Vulnerability (NS-SA-2023-0098)

The remote NewStart CGSL host, running version MAIN 6.06, has python-lxml packages installed that are affected by a vulnerability: - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass...

Rocky Linux 8 : python-lxml (RLSA-2022:1932)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1932 advisory. - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content...

Rocky Linux 8 : python38:3.8 and python38-devel:3.8 (RLSA-2022:1764)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1764 advisory. - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser...

Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2022:1763)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1763 advisory. - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content...

Important: python-lxml

Issue Overview: There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using python-lxml's HTML Cleaner may be able to trigger script execution in clients such as web...

Amazon Linux 2023 : python3-lxml (ALAS2023-2023-034)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-034 advisory. There's a flaw in python-lxml's HTML Cleaner component, which is responsible for sanitizing HTML and Javascript. An attacker who is able to submit a crafted payload to a web service using...

Amazon Linux 2 : python-lxml (ALAS-2023-1956)

The version of python-lxml installed on the remote host is prior to 3.2.1-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1956 advisory. Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to condu...

SUSE CVE-2021-43818

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2023-1286)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in lxml (CVE-2021-43818)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in lxml, caused by a flaw in HTML Cleaner in lxml.html. . CVE-2021-43818. Lxml is used in the base operating system by IBM Watson Speech. Please read the details for remediation...

EulerOS Virtualization 3.0.2.6 : python-lxml (EulerOS-SA-2023-1077)

According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html...