15 matches found
PT-2026-46101
Impact: The USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity (XXE) attacks. An attacker could craft malicious USPTO patent XML files with external entity references that could: - Read arbitrary files from the server filesystem - Perform...
Maintenance update for Multi-Linux Manager 4.3: Server, Proxy and Retail
Description: This update fixes the following issues: mgr-cfg: Version 4.3.7-0 Non-customer-facing optimization and update mgr-custom-info: Version 4.3.4-0 Non-customer-facing optimization and update mgr-daemon: Version 4.3.13-0 Update translation strings mgr-osad: Version 4.3.8-0...
SUSE SLES15 : Security update 4.3.16.1 for SUSE Manager Proxy and Retail Branch 4.3 LTS (SUSE-SU-2025:3826-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3826-1 advisory. susemanager-build-keys: - Update SUSE GPG key and make it available for Salt bsc1250911 susemanager-sls: - Version 4.3.50-0 Fix OS Family grain...
SUSE-SU-2025:3826-1 Security update 4.3.16.1 for SUSE Manager Server 4.3 LTS
This update fixes the following issues: susemanager-build-keys: - Update SUSE GPG key and make it available for Salt bsc1250911 susemanager-sls: - Version 4.3.50-0 Fix OS Family grain name bsc1250911 - Version 4.3.49-0 Fixed syntax error in Salt state - Version 4.3.48-0 Automatically deploy the...
defusedxml
This is a Python library called defusedxml, which is designed to prevent XML bomb denial-of-service (DoS) vulnerabilities. The library provides a facade for the standard library's xml.etree.ElementTree module, which is vulnerable to XML bombs. The defusedxml library defuses XML bombs by preventing...
RHEL 7 : python-defusedxml and python-pysaml2 (RHSA-2017:0937)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0937 advisory. The defusedxml package contains several Python-only updates for security vulnerabilities in Python's XML libraries. Defusedxml functions and classes...
RHEL 7 : python-defusedxml and python-pysaml2 (RHSA-2017:0936)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0936 advisory. The defusedxml package contains several Python-only updates for security vulnerabilities in Python's XML libraries. Defusedxml functions and classes...
RHSA-2017:0937 Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update
Bulletin has no description...
RHSA-2017:0936 Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update
Bulletin has no description...
mofh Vulnerable to Improper Restriction of XML External Entity Reference
The xml.etree.ElementTree module that mofh used up until version 1.0.1 implements a simple and efficient API for parsing and creating XML data. But it makes the application vulnerable to: - Billion Laughs attack: It is a type of denial-of-service attack aimed at XML parsers. It uses multiple leve...
GHSA-7R9X-QRPR-3CXW mofh Vulnerable to Improper Restriction of XML External Entity Reference
The xml.etree.ElementTree module that mofh used up until version 1.0.1 implements a simple and efficient API for parsing and creating XML data. But it makes the application vulnerable to: - Billion Laughs attack: It is a type of denial-of-service attack aimed at XML parsers. It uses multiple leve...
PT-2022-28213 · Python · Xml.Etree.Elementtree
Name of the Vulnerable Software and Affected Versions: mofh versions prior to 1.0.1 Description: The issue affects the xml.etree.ElementTree module, making the application susceptible to denial-of-service attacks, specifically the Billion Laughs attack and the Quadratic blowup attack. These attac...
Moderate: Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update
An update for python-defusedxml and python-pysaml2 is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Moderate: Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update
An update for python-defusedxml and python-pysaml2 is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
SUSE-SU-2017:0569-1 Security update for python-pysaml2
This update for python-pysaml2 fixes the following issues: - CVE-2016-10127 and CVE-2016-10149: XXE (XML external entity) issues were fixed in python-pysaml2, where external requests to other XML content could be made by parsing XML files using this SAML2 library. bsc1019074 To fix this bug, the ne...