284 matches found

RedHat Linux
added 2020/01/21 10:48 p.m., 73 views

Important: Red Hat Security Advisory: python-reportlab security update

An update for python-reportlab is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...

9.8 CVSS, 7.5 AI score, 0.10231 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2020/01/21 7:26 p.m., 64 views

Important: Red Hat Security Advisory: python-reportlab security update

An update for python-reportlab is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerabili...

9.8 CVSS, 7.5 AI score, 0.10231 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2020/01/21 7:26 p.m., 2 views

python-reportlab: code injection in colors.py allows attacker to execute code

A code injection vulnerability in python-reportlab allows an attacker to execute code while parsing a color attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable to this flaw and allow remote code execution...

9.8 CVSS, 6.2 AI score, 0.10231 EPSS
Exploits: 1, References: 4
Oracle linux
added 2020/01/21 12:0 a.m., 41 views

python-reportlab security update

2.3-3.el610.1 - Do not eval strings passed to toColor - Resolves: 1788551...

9.8 CVSS, 1.4 AI score, 0.10231 EPSS
Exploits: 1
Veracode
added 2019/10/17 3:15 a.m., 33 views

Remote Code Execution

ReportLab is vulnerable to remote code execution. This is due to the usage of toColor(eval(arg)) in colors.py, allowing a remote attacker to execute arbitrary Python code using a malicious XML document that utilizes '<span color="' followed by arbitrary Python code...

9.8 CVSS, 4.5 AI score, 0.10231 EPSS
Exploits: 1, References: 16, Affected Software: 1
OSV
added 2019/10/16 12:15 p.m., 2 views

DEBIAN-CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

9.8 CVSS, 9.4 AI score, 0.10231 EPSS
Exploits: 1, References: 1
NVD
added 2019/10/16 12:15 p.m., 16 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

9.8 CVSS, 9.7 AI score, 0.10231 EPSS
Exploits: 1, References: 14
OSV
added 2019/10/16 12:15 p.m., 7 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

9.8 CVSS, 9.6 AI score
Exploits: 0, References: 14
UbuntuCve
added 2019/10/16 12:15 p.m., 17 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

9.8 CVSS, 7.8 AI score, 0.10231 EPSS
Exploits: 1, References: 3
vulnersOsv
added 2019/10/16 12:15 p.m., 5 views

bookscrape (>=0.0.1.dev1 <=0.0.2b7), codeforlife-portal (>=1.1.1 <=2.28.1) +53 more potentially affected by CVE-2019-17626 via reportlab (>=3.1.44 <=3.5.26)

reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =2.7.0, =2.3.0.18073018, =2.3.0.18070609, =2.3.0.18070422, =0.1.0, =0.733.0, =0.736.0 and more Source cves: CVE-2019-17626 Source advisory: OSV:PYSEC-2019-117...

9.8 CVSS, 7.2 AI score, 0.10231 EPSS
Exploits: 1
OSV
added 2019/10/16 12:15 p.m., 23 views

PYSEC-2019-117

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

9.8 CVSS, 3.7 AI score, 0.10231 EPSS
Exploits: 1, References: 14
PyPA
added 2019/10/16 12:15 p.m., 5 views

PYSEC-2019-117

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '...

9.8 CVSS, 8.1 AI score, 0.10231 EPSS
Exploits: 1, References: 14, Affected Software: 1
Prion
added 2019/10/16 12:15 p.m., 21 views

Remote code execution

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

7.5 CVSS, 9.5 AI score, 0.10231 EPSS
Exploits: 1, References: 13, Affected Software: 1
OSV
added 2019/10/16 12:15 p.m., 2 views

UBUNTU-CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

9.8 CVSS, 7.9 AI score, 0.10231 EPSS
Exploits: 1, References: 4
OSV
added 2019/10/16 12:15 p.m., 12 views

PYSEC-2019-47

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

7.9 AI score
Exploits: 0, References: 13
Debian CVE
added 2019/10/16 11:29 a.m., 23 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

9.8 CVSS, 9.8 AI score, 0.10231 EPSS
Exploits: 1
Vulnrichment
added 2019/10/16 11:29 a.m., 15 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

7.8 AI score, 0.10231 EPSS
Exploits: 1, References: 14
Cvelist
added 2019/10/16 11:29 a.m., 23 views

CVE-2019-17626

ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code...

9.8 AI score, 0.10231 EPSS
Exploits: 1, References: 14
CVE
added 2019/10/16 11:29 a.m., 320 views

CVE-2019-17626

Affected software: python-reportlab (ReportLab) prior to 3.5.31. Root causes reported: in colors.py, toColor(eval(arg)) used on crafted XML; in paraparser.py, start_unichar evaluating untrusted input within a unichar element. Impact: remote code execution via crafted XML document. Remediation: upg...

9.8 CVSS, 9.6 AI score, 0.10231 EPSS
Exploits: 1, References: 14, Affected Software: 1
CNVD
added 2019/10/16 12:0 a.m., 3 views

ReportLab Code Execution Vulnerability

ReportLab is an open source engine for creating data-driven PDF documents and custom vector graphics. A code execution vulnerability exists in ReportLab 3.5.26 and earlier versions that can be exploited by remote attackers to execute code...

9.8 CVSS, 7.9 AI score, 0.10231 EPSS
Exploits: 1, References: 1