Lucene search
K

187 matches found

OSV
OSV
added 2024/06/15 12:0 a.m.11 views

OPENSUSE-SU-2024:11219-1 python36-bleach-3.3.0-1.4 on GA media

These are all security issues fixed in the python36-bleach-3.3.0-1.4 package on the GA media of openSUSE Tumbleweed...

9.8CVSS6.7AI score0.02195EPSS
Exploits4References5
Tenable Nessus
Tenable Nessus
added 2024/04/28 12:0 a.m.34 views

RHEL 7 / 8 : Red Hat Ansible Automation Platform 1.2.2 (RHSA-2021:0781)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0781 advisory. Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine,...

7.5CVSS7.5AI score0.07605EPSS
Exploits3References13
OSV
OSV
added 2023/02/16 10:15 p.m.2 views

DEBIAN-CVE-2020-6817

bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean..., attributes='a': 'style'...

7.5CVSS8.1AI score0.00718EPSS
Exploits1References1
OSV
OSV
added 2023/02/16 10:15 p.m.5 views

DEBIAN-CVE-2021-23980

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

6.1CVSS7.2AI score0.00483EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2023/02/16 10:15 p.m.25 views

CVE-2020-6817

bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean..., attributes='a': 'style'...

7.5CVSS7.1AI score0.00718EPSS
Exploits1References6
OSV
OSV
added 2023/02/16 10:15 p.m.10 views

UBUNTU-CVE-2020-6817

bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean..., attributes='a': 'style'...

7.5CVSS7.3AI score0.00718EPSS
Exploits1References7
OSV
OSV
added 2023/02/16 10:15 p.m.14 views

UBUNTU-CVE-2021-23980

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

6.1CVSS7.3AI score0.00483EPSS
Exploits1References7
Cvelist
Cvelist
added 2023/02/16 12:0 a.m.41 views

CVE-2020-6817

bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean..., attributes='a': 'style'...

6.5AI score0.00718EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:29 a.m.3 views

SUSE CVE-2018-7753

An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized...

9.8CVSS7AI score0.02195EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:2 a.m.5 views

SUSE CVE-2020-6802

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...

6.1CVSS6.3AI score0.01688EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:2 a.m.4 views

SUSE CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

6.1CVSS6.3AI score0.01301EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:2 a.m.7 views

SUSE CVE-2020-6817

bleach.clean behavior parsing style attributes could result in a regular expression denial of service ReDoS. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean..., attributes='a': 'style'...

7.5CVSS6.8AI score0.00718EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.6 views

SUSE CVE-2021-23980

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

6.1CVSS6.3AI score0.00483EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2022/11/30 12:0 a.m.7 views

The vulnerability of Mozilla’s HTML cleaning library, Bleach, arises due to the lack of measures taken to protect the structure of web pages. This allows attackers to execute XSS attacks.

The vulnerability of Mozilla’s HTML cleaning library, Bleach, exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

6.4CVSS7AI score0.01688EPSS
Exploits1References10Affected Software4
OSV
OSV
added 2022/08/26 11:4 a.m.5 views

OESA-2022-1861 python-bleach security update

Bleach is an HTML sanitizing library that escapes or strips markup and attributes based on a white list. Security Fixes: No description is available for this CVE.CVE-2021-23980...

6.1CVSS6.9AI score0.00483EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2022/05/20 11:42 p.m.32 views

CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

6.8CVSS2AI score0.01301EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.24 views

Mageia: Security Advisory (MGASA-2020-0176)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.9AI score0.01301EPSS
Exploits2References6
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.30 views

Mageia: Security Advisory (MGASA-2021-0260)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.5AI score0.00483EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2020-0125)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.5AI score0.01688EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2021/06/23 12:0 a.m.8 views

The vulnerability of the bleach-based HTML cleaning library, which exists due to the lack of measures taken to protect the structure of web pages, allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the bleach HTML cleaning library exists because measures to protect the structure of web pages are not taken. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and integrity of the protected information...

6.4CVSS7AI score0.00483EPSS
Exploits1References7Affected Software6
Rows per page
Query Builder