54 matches found
TencentOS Server 3: python-lxml (TSSA-2022:0172)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0172 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Amazon Linux 2 : python-lxml (ALAS-2024-2620)
The version of python-lxml installed on the remote host is prior to 3.2.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2620 advisory. An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and...
Medium: python-lxml
Issue Overview: An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this...
RHEL 6 : python-lxml (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818 - An iss...
RHEL 7 : python-lxml (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818 - An iss...
Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0215)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0215 advisory. - Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2023-1286)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:3934-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:3937-1 Security update for python3-lxml
This update for python3-lxml fixes the following issues: - CVE-2021-28957: Fixed XSS due to missing input sanitization for HTML5 attributes bsc1184177...
GLSA-202208-06 : lxml: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202208-06 lxml: Multiple Vulnerabilities - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the...
python39:3.9 and python39-devel:3.9 security update
modwsgi 4.7.1-4 - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz1877430 4.7.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora33MassRebuild 4.7.1-2 - Rebuilt for Python 3.9 4.7.1-1 - update to 4.7.1 1721376 python39 3.9.7-1 - Update to 3.9.7 Resolves: rhbz2003102...
CVE-2021-28957 affecting package python-lxml for versions less than 4.8.0-1
CVE-2021-28957 affecting package python-lxml for versions less than 4.8.0-1. An upgraded version of the package is available that resolves this issue...
openSUSE: Security Advisory for python-lxml (openSUSE-SU-2022:0803-1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED15 / SLES15 Security Update : python-lxml (SUSE-SU-2022:0803-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0803-1 advisory. - An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remo...
OPENSUSE-SU-2022:0803-1 Security update for python-lxml
This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL bsc1118088. - CVE-2021-28957: Fixed XSS vulnerability ia HTML5 attributes unescaped bsc1184177. - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data...
AlmaLinux 8 : python-lxml (ALSA-2021:4158)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:4158 advisory. - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class...
Mageia: Security Advisory (MGASA-2021-0246)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.2.6 : python-lxml (EulerOS-SA-2021-2907)
According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2907)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.2.0 : python-lxml (EulerOS-SA-2021-2830)
According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and...