181 matches found
Astra Linux - vulnerability in python-bleach
A mutation XSS affects users who call bleach.clean with all of the following: svg or math in the allowed tags; p or br in the allowed tags; style, title, noscript, script, textarea, noframes, iframe, or xmp in the allowed tags; and the keyword argument strip_comments=False. Note: None of the abo...
Ubuntu: Security Advisory (USN-8077-1)
The remote host is missing an update for the...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Bleach vulnerabilities (USN-8077-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8077-1 advisory. It was discovered that Bleach did not properly sanitize URI attributes containing character entities. An attacker could possibly...
USN-8077-1: Bleach vulnerabilities
It was discovered that Bleach did not properly sanitize URI attributes containing character entities. An attacker could possibly use this issue to construct a URI with a disallowed scheme that would bypass sanitization, leading to cross-site scripting. This issue only affected Ubuntu 18.04 LTS...
EUVD-2020-0055
Malware in sbrugna...
EUVD-2021-0036
Malware in sbrugna...
EUVD-2018-15504
Malware in sbrugna...
EUVD-2018-0026
Malware in sbrugna...
EUVD-2020-0054
Malware in sbrugna...
EUVD-2020-0056
Malware in sbrugna...
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags; p or br in allowed tags; style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags; the keyword argument strip_comments=False. Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
...
Linux Distros Unpatched Vulnerability : CVE-2018-7753
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Usi...
Linux Distros Unpatched Vulnerability : CVE-2020-6817
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an...
Linux Distros Unpatched Vulnerability : CVE-2020-6802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. CVE-2020-68...
Linux Distros Unpatched Vulnerability : CVE-2020-6816
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...
Linux Distros Unpatched Vulnerability : CVE-2021-23980
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags; p or br in allowed tags; style, title, noscript, script, textarea,...
OPENSUSE-SU-2024:14134-1 python310-bleach-6.1.0-1.5 on GA media
These are all security issues fixed in the python310-bleach-6.1.0-1.5 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11219-1 python36-bleach-3.3.0-1.4 on GA media
These are all security issues fixed in the python36-bleach-3.3.0-1.4 package on the GA media of openSUSE Tumbleweed...
RHEL 7 / 8 : Red Hat Ansible Automation Platform 1.2.2 (RHSA-2021:0781)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0781 advisory. Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine,...
DEBIAN-CVE-2021-23980
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags; p or br in allowed tags; style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags; the keyword argument strip_comments=False. Note: none of the above tags are in the default allowe...