Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2024-2377)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : python-lxml (EulerOS-SA-2024-2427)

According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of lxml before v4.9.1 allows attackers to access sensitive...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2024-2427)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : python-lxml (EulerOS-SA-2024-2377)

According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of lxml before v4.9.1 allows attackers to access sensitive...

EulerOS 2.0 SP10 : python-lxml (EulerOS-SA-2024-2450)

According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of lxml before v4.9.1 allows attackers to access sensitive...

EulerOS 2.0 SP9 : python-lxml (EulerOS-SA-2024-2402)

According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An XML External Entity XXE vulnerability in the ebookmeta.getmetadata function of lxml before v4.9.1 allows attackers to access sensitive...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2024-2402)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2024-2450)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2 : python-lxml (ALAS-2024-2620)

The version of python-lxml installed on the remote host is prior to 3.2.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2620 advisory. An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and...

Medium: python-lxml

Issue Overview: An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this...

Medium: python-lxml

Issue Overview: An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this...

OESA-2024-1749 python-lxml security update

The lxml XML toolkit is a Pythonic binding for the C libraries libxml2 and libxslt. \ It is unique in that it combines the speed and XML feature completeness of these libraries with \ the simplicity of a native Python API, mostly compatible but superior to the well-known ElementTree API. \ The...

OESA-2024-1750 python-lxml security update

The lxml XML toolkit is a Pythonic binding for the C libraries libxml2 and libxslt. \ It is unique in that it combines the speed and XML feature completeness of these libraries with \ the simplicity of a native Python API, mostly compatible but superior to the well-known ElementTree API. \ The...

OPENSUSE-SU-2024:11236-1 python-lxml-doc-4.6.3-3.2 on GA media

These are all security issues fixed in the python-lxml-doc-4.6.3-3.2 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:11713-1 python-lxml-doc-4.6.5-1.1 on GA media

These are all security issues fixed in the python-lxml-doc-4.6.5-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:12414-1 python-lxml-doc-4.9.1-4.1 on GA media

These are all security issues fixed in the python-lxml-doc-4.9.1-4.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:12273-1 python-lxml-doc-4.9.1-2.1 on GA media

These are all security issues fixed in the python-lxml-doc-4.9.1-2.1 package on the GA media of openSUSE Tumbleweed...

RHEL 7 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: XSS in lxml.html.clean module in lxml/html/clean.py CVE-2018-19787 - Incomplete blacklist...

RHEL 6 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: XSS in lxml.html.clean module in lxml/html/clean.py CVE-2018-19787 - Incomplete blacklist...

RHEL 5 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: XSS in lxml.html.clean module in lxml/html/clean.py CVE-2018-19787 - Incomplete blacklist...