python-defusedxml (SUSE:OpenStack Cloud 6) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 6 package python-defusedxml, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2016-10127 — CVSS 9.0 (critical): PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
CVE-2016-10149 — CVSS 7.5 (high): XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML…