
284 matches found

SUSE CVE
added 2023/02/15 3:52 a.m. (3 views)

SUSE CVE-2020-28463

All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...

CVSS 5, AI score 7.7, EPSS 0.01487
Exploits 1, References 6
OSV
added 2022/09/02 11:04 a.m. (3 views)

OESA-2022-1887 python-reportlab security update

The ReportLab Toolkit. An Open Source Python library for generating PDFs and graphics. Security Fixes: All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see Reportlab's documentation). Ste...

CVSS 6.5, AI score 7, EPSS 0.01487
Exploits 1, References 2
IBM Security Bulletins
added 2022/08/23 10:32 p.m. (141 views)

Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities

Summary: Ramda (CVE-2021-42581) is vulnerable to remote attackers executing arbitrary code on the system, caused by prototype pollution in functions. An attacker could exploit this vulnerability to execute arbitrary code on the system. Node-forge (CVE-2022-24773, 217313, CVE-2022-24771, CVE-2020-772...

CVSS 9.8, AI score 9.8, EPSS 0.04581
Exploits 18, Affected Software 1
vulnersOsv
added 2022/05/24 10:00 p.m. (3 views)

bookscrape (>=0.0.1.dev1 <=0.0.2b7), codeforlife-portal (>=1.1.1 <=2.28.1) +53 more potentially affected by CVE-2019-17626 via reportlab (>=3.1.44 <=3.5.26)

reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =2.7.0, =2.3.0.18073018, =2.3.0.18070609, =2.3.0.18070422, =0.1.0, =0.733.0, =0.736.0 and more. Source cves: CVE-2019-17626. Source advisory: OSV:GHSA-QPG2-VX7J-3869...

CVSS 9.8, AI score 7.2, EPSS 0.10231
Exploits 1
Github Security Blog
added 2022/05/24 10:00 p.m. (33 views)

XML Injection in ReportLab

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

CVSS 9.8, AI score 3.6, EPSS 0.10231
Exploits 1, References 22, Affected Software 1
OSV
added 2022/05/24 10:00 p.m. (25 views)

GHSA-QPG2-VX7J-3869 XML Injection in ReportLab

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

CVSS 9.8, AI score 9.8, EPSS 0.10231
Exploits 1, References 23
OpenVAS
added 2022/01/28 12:00 a.m. (16 views)

Mageia: Security Advisory (MGASA-2021-0521)

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description...

CVSS 6.5, AI score 6.8, EPSS 0.01487
Exploits 1, References 4
OpenVAS
added 2022/01/28 12:00 a.m. (16 views)

Mageia: Security Advisory (MGASA-2020-0059)

The remote host is missing an update for the ... SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description...

CVSS 9.8, AI score 9.8, EPSS 0.10231
Exploits 1, References 4
OSV
added 2021/11/25 1:06 p.m. (1 view)

MGASA-2021-0521 Updated python-reportlab packages fix security vulnerability

Server-side Request Forgery (SSRF)...

CVSS 6.5, AI score 6.7, EPSS 0.01487
Exploits 1, References 3
Mageia
added 2021/11/25 1:06 p.m. (70 views)

Updated python-reportlab packages fix security vulnerability

Server-side Request Forgery (SSRF)...

CVSS 6.5, AI score 3, EPSS 0.01487
Exploits 1, References 2
OpenVAS
added 2021/10/30 12:00 a.m. (17 views)

Fedora: Security Advisory for python-reportlab (FEDORA-2021-13cdc0ab0e)

The remote host is missing an update for the ... Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 6.5, AI score 6.9, EPSS 0.01487
Exploits 1, References 2
OpenVAS
added 2021/10/30 12:00 a.m. (17 views)

Fedora: Security Advisory for python-reportlab (FEDORA-2021-04bfae8300)

The remote host is missing an update for the ... Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 6.5, AI score 6.9, EPSS 0.01487
Exploits 1, References 2
Fedora
added 2021/10/29 11:27 p.m. (25 views)

[SECURITY] Fedora 35 Update: python-reportlab-3.6.2-1.fc35

This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...

CVSS 6.5, AI score 2, EPSS 0.01487
Exploits 1
Fedora
added 2021/10/24 11:03 p.m. (36 views)

[SECURITY] Fedora 34 Update: python-reportlab-3.6.2-1.fc34

This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...

CVSS 6.5, AI score 2, EPSS 0.01487
Exploits 1
Tenable Nessus
added 2021/09/24 12:00 a.m. (34 views)

SUSE SLED12 / SLES12 Security Update : python-reportlab (SUSE-SU-2021:3209-1)

The remote SUSE Linux SLED12 / SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:3209-1 advisory. - CVE-2020-28463: Fixed Server-side Request Forgery via img tags (bsc#1182503). - Add missing import in CVE-2020-28463 fix (bsc#1190110). Tenable has...

CVSS 6.5, AI score 6.8, EPSS 0.01487
Exploits 1, References 5
OSV
added 2021/09/23 2:20 p.m. (3 views)

SUSE-SU-2021:3209-1 Security update for python-reportlab

This update for python-reportlab fixes the following issues: - CVE-2020-28463: Fixed Server-side Request Forgery via img tags (bsc#1182503). - Add missing import in CVE-2020-28463 fix (bsc#1190110)...

CVSS 6.5, AI score 6.8, EPSS 0.01487
Exploits 1, References 4
0day.today
added 2021/08/31 12:00 a.m. (276 views)

BSCW Server XML Injection Vulnerability

BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an XML tag injection vulnerability. ======================================================================= title: XML Tag injection product: BSCW Server vulnerable version:...

CVSS 8.8, EPSS 0.03975
Exploits 3
Packet Storm
added 2021/08/31 12:00 a.m. (283 views)

BSCW Server XML Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XML Tag injection product: BSCW Server vulnerable version: BSCW Server...

AI score 0.1, EPSS 0.03975
Exploits 3
Prion
added 2021/08/30 5:15 a.m. (16 views)

Remote code execution

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi?op=editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...

CVSS 6.5, AI score 8.9, EPSS 0.03975
Exploits 3, References 3, Affected Software 1
Cvelist
added 2021/08/30 4:42 a.m. (40 views)

CVE-2021-36359

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi?op=editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and...

AI score 9.2, EPSS 0.03975
Exploits 3, References 3