Download
| Alert*
oval:org.secpod.oval:def:71226
Kevin Chung discovered that python3-lxml, a Python binding for the libxml2 and libxslt libraries, did not properly sanitize its input. This would allow a malicious user to mount a cross-site scripting attack. oval:org.secpod.oval:def:71247 lxml: pythonic binding for the libxml2 and libxslt libraries lxml could allow cross-site scripting attacks. oval:org.secpod.oval:def:506441 lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fix: * python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS For more details about the security issue, including the impact, a CVSS score ... oval:org.secpod.oval:def:120307 lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree It extends the ElementTree API significantly to offer support for XPath, RelaxNG, XML Schema, XSLT, C14N and much more.To contact the project, go ... oval:org.secpod.oval:def:120268 lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It provides safe and convenient access to these libraries using the ElementTree It extends the ElementTree API significantly to offer support for XPath, RelaxNG, XML Schema, XSLT, C14N and much more.To contact the project, go ... oval:org.secpod.oval:def:1801880 lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.link_attrs for later use in input sanitization, but does not do the same for the HTML5 formaction attribute. oval:org.secpod.oval:def:705950 lxml: pythonic binding for the libxml2 and libxslt libraries lxml could allow cross-site scripting attacks. oval:org.secpod.oval:def:2106722 Oracle Solaris 11 - ( CVE-2021-28957 ) oval:org.secpod.oval:def:89047866 This update for python3-lxml fixes the following issues: - CVE-2021-28957: Fixed XSS due to missing input sanitization for HTML5 attributes . oval:org.secpod.oval:def:2500495 lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. oval:org.secpod.oval:def:4501332 lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fix: * python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS For more details about the security issue, including the impact, a CVSS score ... oval:org.secpod.oval:def:605475 Kevin Chung discovered that lxml, a Python binding for the libxml2 and libxslt libraries, did not properly sanitize its input. This would allow a malicious user to mount a cross-site scripting attack. oval:org.secpod.oval:def:89046094 This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL . - CVE-2021-28957: Fixed XSS vulnerability ia HTML5 attributes unescaped . - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs . - CVE-2020-2778 ... oval:org.secpod.oval:def:1505630 [1.0.2-1.el8] - Fix multiple CVEs : CVE-2017-18342, CVE-2020-10109, CVE-2020-10108, CVE-2021-33203, CVE-2021-33571, CVE-2021-44420, CVE-2021-31542, CVE-2021-28658, CVE-2021-28957, CVE-2021-43818, CVE-2020-27783 [Orabug: 34109801] oval:org.secpod.oval:def:89046137 This update for python-lxml fixes the following issues: - CVE-2021-43818: Removed SVG image data URLs since they can embed script content . - CVE-2021-28957: Fixed a potential XSS due to improper input sanitization . - CVE-2020-27783: Fixed a potential XSS due to improper HTML parsing . - CVE-2018-1 ... oval:org.secpod.oval:def:3301144 SUSE Security Update: Security update for python-lxml oval:org.secpod.oval:def:89047596 This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL . - CVE-2021-28957: Fixed XSS vulnerability ia HTML5 attributes unescaped . - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs . - CVE-2020-2778 ... oval:org.secpod.oval:def:2500991 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. oval:org.secpod.oval:def:4501314 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:506460 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:1505428 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:76217 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:2500953 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. oval:org.secpod.oval:def:86334 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:506320 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. The following packa ... oval:org.secpod.oval:def:4501236 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:4501313 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:506461 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:506488 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:1505426 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500962 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. oval:org.secpod.oval:def:86328 Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix: * pyt ... oval:org.secpod.oval:def:1505429 mod_wsgi [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild [4.7.1-2] - Rebuilt for Python 3.9 [4.7.1-1] - update to 4.7.1 numpy [1.19.4-3] - Adjusted the postun scriptlets to enable ... |