cpython: Stack overflow parsing XML with deeply nested DTD content models
A stack overflow flaw has been discovered in the Python pyexpat module. When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model, a C stack overflow occurs. This will result in a program crash...
EUVD-2012-0902
Malware in sbrugna...
CVE-2020-26709
py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file...
UBUNTU-CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
PYSEC-2021-852
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
python: XSS vulnerability in the documentation XML-RPC server in server_title field
A reflected cross-site scripting (XSS) vulnerability was found in Python XML-RPC server. The server_title field is not sufficiently sanitized, allowing malicious JavaScript to be injected. Successful exploitation would allow a remote attacker to execute JavaScript code within the context of the...
OPENSUSE-SU-2019:1462-1 Security update for nmap
This update for nmap fixes the following issues: Security issue fixed: - CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service (bsc#1104139). Non-security issue fixed: - Add missing runtime dependency python-xml which prevented zenmap from starting (bsc#1133512). This...
Security update for nmap (moderate)
openSUSE Security Update: Security update for nmap Announcement ID: openSUSE-SU-2019:1462-1 Rating: moderate References: 1104139 1133512 Cross-References: CVE-2018-15173 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 An update that solves one vulnerability and has one errata is now...
SUSE SLED15 / SLES15 Security Update : nmap (SUSE-SU-2019:1290-1)
This update for nmap fixes the following issues: Security issue fixed: CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service (bsc#1104139). Non-security issue fixed: Add missing runtime dependency python-xml which prevented zenmap from starting (bsc#1133512). Note th...
SUSE-SU-2019:1290-1 Security update for nmap
This update for nmap fixes the following issues: Security issue fixed: - CVE-2018-15173: Fixed a remote denial of service attack via a crafted TCP-based service (bsc#1104139). Non-security issue fixed: - Add missing runtime dependency python-xml which prevented zenmap from starting (bsc#1133512)...
CVE-2013-1664
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML...
bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML...
bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...
CVE-2013-1665
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...
Ubuntu Update for python-xml vulnerabilities USN-890-4
Ubuntu Update for Linux kernel vulnerabilities USN-890-4 OpenVAS Vulnerability Test $Id: gbubuntuUSN8904.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for python-xml vulnerabilities USN-890-4 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...