31 matches found
EUVD-2018-0088
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2014-3146
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting XSS attacks via...
RHEL 5 : python-lxml (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: XSS in lxml.html.clean module in lxml/html/clean.py CVE-2018-19787 - Incomplete blacklist...
RHEL 6 : python-lxml (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: XSS in lxml.html.clean module in lxml/html/clean.py CVE-2018-19787 - Incomplete blacklist...
RHEL 7 : python-lxml (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: XSS in lxml.html.clean module in lxml/html/clean.py CVE-2018-19787 - Incomplete blacklist...
doc2dash (=1.2.0), document-clipper (>=0.9.0 <=0.13.6) +1 more potentially affected by CVE-2014-3146 via lxml (>=3.2.3 <=3.3.2)
lxml PYPI version =3.2.3, =0.9.0, =0.13.6 - rymtracks =0.1.2 Source cves: CVE-2014-3146 Source advisory: OSV:GHSA-57QW-CC2G-PV5P...
Improper Neutralization of Input During Web Page Generation in LXML
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to...
Mageia: Security Advisory (MGASA-2014-0218)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.2.2 : python-lxml (EulerOS-SA-2021-2162)
According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct...
SUSE: Security Advisory (SUSE-SU-2014:1282-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : python-lxml (EulerOS-SA-2021-1839)
According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused differe...
EulerOS Virtualization 3.0.6.6 : python-lxml (EulerOS-SA-2021-1514)
According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which...
EulerOS 2.0 SP2 : python-lxml (EulerOS-SA-2021-1352)
According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scriptin...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-1352)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2020-2296)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : python-lxml (EulerOS-SA-2020-2296)
According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scriptin...
Debian: Security Advisory (DLA-1604-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to...
CVE-2018-19787
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to...
CVE-2018-19787
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to...