SUSE CVE-2020-28463
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...
OESA-2022-1887 python-reportlab security update
The ReportLab Toolkit. An Open Source Python library for generating PDFs and graphics. Security Fixes: All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see Reportlab's documentation). Ste...
Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities
Summary: Ramda (CVE-2021-42581) is vulnerable to remote attackers executing arbitrary code on the system, caused by a prototype pollution in functions. An attacker could exploit this vulnerability to execute arbitrary code on the system. Node-forge (CVE-2022-24773, 217313, CVE-2022-24771, CVE-2020-772...
bookscrape (>=0.0.1.dev1 <=0.0.2b7), codeforlife-portal (>=1.1.1 <=2.28.1) +53 more potentially affected by CVE-2019-17626 via reportlab (>=3.1.44 <=3.5.26)
reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =2.7.0, =2.3.0.18073018, =2.3.0.18070609, =2.3.0.18070422, =0.1.0, =0.733.0, =0.736.0 and more Source cves: CVE-2019-17626 Source advisory: OSV:GHSA-QPG2-VX7J-3869...
XML Injection in ReportLab
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...
GHSA-QPG2-VX7J-3869 XML Injection in ReportLab
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...
Mageia: Security Advisory (MGASA-2021-0521)
The remote host is missing an update for the ...
Mageia: Security Advisory (MGASA-2020-0059)
The remote host is missing an update for the ...
MGASA-2021-0521 Updated python-reportlab packages fix security vulnerability
Server-side Request Forgery (SSRF)...
Updated python-reportlab packages fix security vulnerability
Server-side Request Forgery (SSRF)...
Fedora: Security Advisory for python-reportlab (FEDORA-2021-13cdc0ab0e)
The remote host is missing an update for the ...
Fedora: Security Advisory for python-reportlab (FEDORA-2021-04bfae8300)
The remote host is missing an update for the ...
[SECURITY] Fedora 35 Update: python-reportlab-3.6.2-1.fc35
This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...
[SECURITY] Fedora 34 Update: python-reportlab-3.6.2-1.fc34
This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...
SUSE SLED12 / SLES12 Security Update : python-reportlab (SUSE-SU-2021:3209-1)
The remote SUSE Linux SLED12 / SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:3209-1 advisory. - CVE-2020-28463: Fixed Server-side Request Forgery via img tags (bsc#1182503). - Add missing import in CVE-2020-28463 fix (bsc#1190110). Tenable has...
SUSE-SU-2021:3209-1 Security update for python-reportlab
This update for python-reportlab fixes the following issues: - CVE-2020-28463: Fixed Server-side Request Forgery via img tags (bsc#1182503). - Add missing import in CVE-2020-28463 fix (bsc#1190110)...
BSCW Server XML Injection Vulnerability
BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an XML tag injection vulnerability. Title: XML Tag injection. Product: BSCW Server. Vulnerable version:...
BSCW Server XML Injection
SEC Consult Vulnerability Lab Security Advisory. Title: XML Tag injection. Product: BSCW Server. Vulnerable version: BSCW Server...
Remote code execution
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...
CVE-2021-36359
OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...