Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-3466)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3466 advisory. - Security fixes for CVE-2023-6597 and CVE-2024-0450 Tenable has extracted the preceding description block directly from the Oracle Linux security...

RHEL 6 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818 - An iss...

RHEL 7 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818 - An iss...

RHEL 8 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-lxml: XSS in lxml.html.clean module in lxml/html/clean.py CVE-2018-19787 Note that Nessus has not tested for...

RHEL 5 : python-lxml (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-lxml: mXSS due to the use of improper parser CVE-2020-27783 - An issue was discovered in lxml befo...

Splunk Enterprise 8.1 < 8.1.13, 8.2.0 < 8.2.10, 9.0.0 < 9.0.4 (SVD-2023-0215)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2023-0215 advisory. - Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very...

CentOS 9 : python-lxml-4.6.5-3.el9

The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python- lxml-4.6.5-3.el9 build changelog. - NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together wit...

NewStart CGSL MAIN 6.06 : python-lxml Vulnerability (NS-SA-2023-0098)

The remote NewStart CGSL host, running version MAIN 6.06, has python-lxml packages installed that are affected by a vulnerability: - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass...

NewStart CGSL MAIN 6.06 : python-lxml Multiple Vulnerabilities (NS-SA-2023-0136)

The remote NewStart CGSL host, running version MAIN 6.06, has python-lxml packages installed that are affected by multiple vulnerabilities: - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-11236 - The urllib3...

Rocky Linux 8 : python-lxml (RLSA-2021:1898)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:1898 advisory. - A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors betwee...

Rocky Linux 9 : python-lxml (RLSA-2022:8226)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8226 advisory. - NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together with libxml2 2.9.10...

Rocky Linux 8 : python-lxml (RLSA-2021:4158)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4158 advisory. - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner clas...

Rocky Linux 8 : python-lxml (RLSA-2022:1932)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1932 advisory. - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content...

Rocky Linux 8 : python38:3.8 (RLSA-2021:1879)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1879 advisory. - http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker control...

python39:3.9 and python39-devel:3.9 security update

Cython 0.29.21-5 - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz1877430 modwsgi 4.7.1-5 - Core dumped upon file upload = 1GB Resolves: rhbz2125172 numpy 1.19.4-3 - Adjusted the postun scriptlets to enable upgrading to RHEL 9 - Resolves: rhbz1933055 pybind11 2.7.1-1 - Update...

Rocky Linux 8 : python38:3.8 and python38-devel:3.8 (RLSA-2023:3781)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:3781 advisory. - An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank...

EulerOS Virtualization 3.0.6.6 : python-lxml (EulerOS-SA-2023-2401)

According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2023-2401)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2023-1717)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.0 : python-lxml (EulerOS-SA-2023-1717)

According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is...