
279 matches found

Tenable Nessus
added 2021/08/10 12:0 a.m. | 31 views

openSUSE 15 Security Update : python-reportlab (openSUSE-SU-2021:2641-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2641-1 advisory. - All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes &...

CVSS 6.5 | AI score 6.6 | EPSS 0.0116
Exploits: 1 | References: 4

OpenVAS
added 2021/08/10 12:0 a.m. | 13 views

openSUSE: Security Advisory for python-reportlab (openSUSE-SU-2021:2641-1)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 6.5 | AI score 6.8 | EPSS 0.0116
Exploits: 1 | References: 2

OSV
added 2021/08/09 9:36 a.m. | 2 views

OPENSUSE-SU-2021:2641-1 Security update for python-reportlab

This update for python-reportlab fixes the following issues: - CVE-2020-28463: Fixed Server-side Request Forgery via img tags (bsc#1182503)...

CVSS 6.5 | AI score 6.5 | EPSS 0.0116
Exploits: 1 | References: 3

OPENSUSE Linux
added 2021/08/09 12:0 a.m. | 63 views

Security update for python-reportlab (moderate)

openSUSE Security Update: Security update for python-reportlab. Announcement ID: openSUSE-SU-2021:2641-1. Rating: moderate. References: 1182503. Cross-References: CVE-2020-28463. CVSS scores: CVE-2020-28463 (NVD): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N; CVE-2020-28463 (SUSE): 5...

CVSS 5 | AI score 6.7 | EPSS 0.0116
Exploits: 1 | References: 1

OSV
added 2021/07/27 11:3 a.m. | 1 views

OESA-2021-1281 python-reportlab security update

The ReportLab Toolkit. An Open Source Python library for generating PDFs and graphics. Security Fixes: ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python...

CVSS 9.8 | AI score 8.2 | EPSS 0.16839
Exploits: 1 | References: 2

OSV
added 2021/03/29 4:32 p.m. | 24 views

GHSA-MPVW-25MG-59VX Server-side Request Forgery (SSRF) via img tags in reportlab

All versions of package reportlab at time of writing are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of...

CVSS 7.1 | AI score 6.5 | EPSS 0.0116
Exploits: 1 | References: 12

vulnersOsv
added 2021/03/29 4:32 p.m. | 1 views

angleview (=0.0.0.dev1), bacant (=3.4.0) +61 more potentially affected by CVE-2020-28463 via reportlab (>=3.1.44 <=3.5.53)

reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =1.0.0, =2.0.1.16012810, =2.0.1.16012810, =2.0.1.16012810, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =1.3.0 - invenio-testing =0.1.1 and more Source cves: CVE-2020-28463 Source advisory: OSV:GHSA-MPVW-25MG-59VX...

CVSS 6.5 | AI score 6.7 | EPSS 0.0116
Exploits: 1

Github Security Blog
added 2021/03/29 4:32 p.m. | 221 views

Server-side Request Forgery (SSRF) via img tags in reportlab

All versions of package reportlab at time of writing are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of...

CVSS 6.5 | AI score 6.7 | EPSS 0.0116
Exploits: 1 | References: 11 | Affected Software: 1

CNVD
added 2021/03/17 12:0 a.m. | 3 views

Reportlab Server-Side Request Forgery Vulnerability

ReportLab is an open source engine from the Danish company ReportLab for creating data-driven PDF documents and custom vector graphics. A security vulnerability exists in Reportlab. The vulnerability stems from a server-side request forgery vulnerability that can be triggered by img tags. Currently...

CVSS 6.5 | AI score 6.7 | EPSS 0.0116
Exploits: 1 | References: 1

Tenable Nessus
added 2021/02/22 12:0 a.m. | 21 views

EulerOS 2.0 SP2 : python-reportlab (EulerOS-SA-2021-1354)

According to the version of the python-reportlab package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document wi...

CVSS 9.8 | AI score 8.5 | EPSS 0.16839
Exploits: 1 | References: 2

OpenVAS
added 2021/02/22 12:0 a.m. | 15 views

Huawei EulerOS: Security Advisory for python-reportlab (EulerOS-SA-2021-1354)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 9.6 | EPSS 0.16839
Exploits: 1 | References: 2

Veracode
added 2021/02/19 1:44 a.m. | 24 views

Server-side Request Forgery (SSRF)

ReportLab is vulnerable to Server-side Request Forgery (SSRF). An attacker is able to send malicious requests on behalf of the application via the usage of img tags. The risk of vulnerability can be reduced if trustedSchemes & trustedHosts are applied...

CVSS 6.5 | AI score 6.5 | EPSS 0.0116
Exploits: 1 | References: 7 | Affected Software: 2

RedhatCVE
added 2021/02/18 9:24 p.m. | 21 views

CVE-2020-28463

A flaw was found in python-reportlab. A Server-side Request Forgery (SSRF) vulnerability is possible via img tags...

CVSS 6.5 | AI score 3.8 | EPSS 0.0116
Exploits: 1 | References: 4

OSV
added 2021/02/18 4:15 p.m. | 1 views

CVE-2020-28463

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...

CVSS 6.5 | AI score 6.6
Exploits: 0 | References: 5

OSV
added 2021/02/18 4:15 p.m. | 0 views

DEBIAN-CVE-2020-28463

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...

CVSS 6.5 | AI score 6.6 | EPSS 0.0116
Exploits: 1 | References: 1

NVD
added 2021/02/18 4:15 p.m. | 13 views

CVE-2020-28463

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...

CVSS 6.5 | EPSS 0.0116
Exploits: 1 | References: 5

vulnersOsv
added 2021/02/18 4:15 p.m. | 1 views

angleview (=0.0.0.dev1), bacant (=3.4.0) +61 more potentially affected by CVE-2020-28463 via reportlab (>=3.1.44 <=3.5.53)

reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =1.0.0, =2.0.1.16012810, =2.0.1.16012810, =2.0.1.16012810, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =1.3.0 - invenio-testing =0.1.1 and more Source cves: CVE-2020-28463 Source advisory: OSV:PYSEC-2021-146...

CVSS 6.5 | AI score 6.7 | EPSS 0.0116
Exploits: 1

UbuntuCve
added 2021/02/18 4:15 p.m. | 21 views

CVE-2020-28463

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...

CVSS 6.5 | AI score 6.7 | EPSS 0.0116
Exploits: 1 | References: 2

PyPA
added 2021/02/18 4:15 p.m. | 4 views

PYSEC-2021-146

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...

CVSS 6.5 | AI score 6.9 | EPSS 0.0116
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2021/02/18 4:15 p.m. | 0 views

UBUNTU-CVE-2020-28463

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...

CVSS 6.5 | AI score 7.1 | EPSS 0.0116
Exploits: 1 | References: 3