python-lxml (SUSE:OpenStack Cloud 9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 9 package python-lxml, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (17)
CVE-2022-22817 — CVSS 9.8 (critical): PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A…
CVE-2021-43818 — CVSS 8.2 (high): lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain…
CVE-2022-23451 — CVSS 8.1 (high): An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user…
CVE-2021-38155 — CVSS 7.5 (high): OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information…
CVE-2022-29970 — CVSS 7.5 (high): Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
CVE-2021-44716 — CVSS 7.5 (high): net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via…
CVE-2021-40085 — CVSS 6.5 (medium): An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can…
CVE-2021-41182 — CVSS 6.5 (medium): jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the…
CVE-2021-41183 — CVSS 6.5 (medium): jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the…
CVE-2021-41184 — CVSS 6.5 (medium): jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the…
CVE-2022-22816 — CVSS 6.5 (medium): path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
CVE-2018-19787 — CVSS 6.1 (medium): An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use…
CVE-2020-27783 — CVSS 6.1 (medium): A XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused…
CVE-2021-28957 — CVSS 6.1 (medium): An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms…
CVE-2022-23452 — CVSS 4.9 (medium): An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container…
CVE-2021-43813 — CVSS 4.3 (medium): Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory…