284 matches found
Important: Red Hat Security Advisory: python-reportlab security update
An update for python-reportlab is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
Important: Red Hat Security Advisory: python-reportlab security update
An update for python-reportlab is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
python-reportlab: code injection in colors.py allows attacker to execute code
A code injection vulnerability in python-reportlab allows an attacker to execute code while parsing a color attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable to this flaw and allow remote code execution...
python-reportlab security update
2.3-3.el610.1 - Do not eval strings passed to toColor - Resolves: 1788551...
Remote Code Execution
ReportLab is vulnerable to remote code execution. This is due to the usage of toColorevalarg in colors.py, allowing a remote attacker to execute arbitrary Python code using a malicious XML document that utilizes 'span color="' followed by arbitrary Python code...
DEBIAN-CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
bookscrape (>=0.0.1.dev1 <=0.0.2b7), codeforlife-portal (>=1.1.1 <=2.28.1) +53 more potentially affected by CVE-2019-17626 via reportlab (>=3.1.44 <=3.5.26)
reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =2.7.0, =2.3.0.18073018, =2.3.0.18070609, =2.3.0.18070422, =0.1.0, =0.733.0, =0.736.0 and more Source cves: CVE-2019-17626 Source advisory: OSV:PYSEC-2019-117...
PYSEC-2019-117
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
PYSEC-2019-117
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with '...
Remote code execution
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
UBUNTU-CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
PYSEC-2019-47
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
CVE-2019-17626
ReportLab through 3.5.26 allows remote code execution because of toColorevalarg in colors.py, as demonstrated by a crafted XML document with 'span color="' followed by arbitrary Python code...
CVE-2019-17626
Affected software: python-reportlab (ReportLab) prior to 3.5.31. Root causes reported: in colors.py, toColor(eval(arg)) used on crafted XML; in paraparser.py, start_unichar evaluating untrusted input within a unichar element.Impact: remote code execution via crafted XML document. Remediation: upg...
ReportLab Code Execution Vulnerability
ReportLab is an open source engine for creating data-driven PDF documents and custom vector graphics. A code execution vulnerability exists in ReportLab 3.5.26 and earlier versions that can be exploited by remote attackers to execute code...