Lucene search
K

19 matches found

OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.20 views

openSUSE: Security Advisory for python (openSUSE-SU-2023:0260-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9CVSS7.6AI score0.01466EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.15 views

openSUSE: Security Advisory for python (openSUSE-SU-2023:0272-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9CVSS7.6AI score0.01466EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.28 views

openSUSE 15 Security Update : python-CairoSVG (openSUSE-SU-2023:0272-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0272-1 advisory. - CairoSVG is a Python pypi package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression...

9.9CVSS6.7AI score0.01466EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2023/09/26 12:0 a.m.27 views

openSUSE 15 Security Update : python-CairoSVG (openSUSE-SU-2023:0260-1)

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0260-1 advisory. - CairoSVG is a Python pypi package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression...

9.9CVSS6.7AI score0.01466EPSS
Exploits1References7
OPENSUSE Linux
OPENSUSE Linux
added 2023/09/26 12:0 a.m.9 views

Security update for python-CairoSVG (moderate)

openSUSE Security Update: Security update for python-CairoSVG Announcement ID: openSUSE-SU-2023:0272-1 Rating: moderate References: 1180648 1209538 Cross-References: CVE-2021-21236 CVE-2023-27586 CVSS scores: CVE-2021-21236 NVD : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-27586 NVD...

9.9CVSS7.6AI score0.01466EPSS
Exploits1References2
OSV
OSV
added 2023/09/25 10:2 p.m.8 views

OPENSUSE-SU-2023:0272-1 Security update for python-CairoSVG

This update for python-CairoSVG fixes the following issues: - CVE-2023-27586: Don't allow fetching external files unless explicitly asked for. boo1209538 - Update to version 2.5.2 Fix marker path scale - Update to version 2.5.1 boo1180648, CVE-2021-21236: Security fix: When processing SVG files,...

9.9CVSS7.5AI score0.01466EPSS
Exploits1References5
OSV
OSV
added 2023/09/25 12:2 p.m.11 views

OPENSUSE-SU-2023:0260-1 Security update for python-CairoSVG

This update for python-CairoSVG fixes the following issues: - CVE-2023-27586: Don't allow fetching external files unless explicitly asked for. boo1209538 - Update to version 2.5.2 Fix marker path scale - Update to version 2.5.1 boo1180648, CVE-2021-21236: Security fix: When processing SVG files,...

9.9CVSS7.5AI score0.01466EPSS
Exploits1References5
OPENSUSE Linux
OPENSUSE Linux
added 2023/09/25 12:0 a.m.4 views

Security update for python-CairoSVG (moderate)

openSUSE Security Update: Security update for python-CairoSVG Announcement ID: openSUSE-SU-2023:0260-1 Rating: moderate References: 1180648 1209538 Cross-References: CVE-2021-21236 CVE-2023-27586 CVSS scores: CVE-2021-21236 NVD : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2023-27586 NVD...

9.9CVSS7.6AI score0.01466EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/04/07 12:0 a.m.18 views

Mageia: Security Advisory (MGASA-2023-0126)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.9CVSS8.4AI score0.00722EPSS
Exploits0References5
Mageia
Mageia
added 2023/04/06 9:20 p.m.73 views

Updated python-cairosvg packages fix security vulnerability

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9CVSS6.8AI score0.00722EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/04/06 12:0 a.m.25 views

Debian DSA-5382-1 : cairosvg - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5382 advisory. It was reported that cairosvg, a SVG converter based on Cairo, can send requests to external hosts when processing specially crafted SVG files with external file resource...

9.9CVSS7.3AI score0.00722EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/03/30 12:0 a.m.25 views

Fedora 38 : python-cairosvg (2023-e4a4ea43d8)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e4a4ea43d8 advisory. - Update python-cairosvg version 2.7.0 - Disable isort flake8 patch updated - Fix CVE-2023-27586 - BZ2180272 BZ2180271 Tenable has extracted the preceding...

9.9CVSS7.4AI score0.00722EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/29 12:0 a.m.28 views

Fedora 36 : python-cairosvg (2023-064525b17b)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-064525b17b advisory. - Update python-cairosvg version 2.7.0 - Disable isort flake8 patch updated - Fix CVE-2023-27586 - BZ2180272 BZ2180271 Tenable has extracted the preceding...

9.9CVSS7.4AI score0.00722EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/23 12:0 a.m.25 views

Fedora 37 : python-cairosvg (2023-ab86bdbce6)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ab86bdbce6 advisory. - Update python-cairosvg version 2.7.0 - Disable isort flake8 patch updated - Fix CVE-2023-27586 - BZ2180272 BZ2180271 Tenable has extracted the preceding...

9.9CVSS7.4AI score0.00722EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/03/20 4:15 p.m.4 views

buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +18 more potentially affected by CVE-2023-27586 via cairosvg (>=0.5.0 <=2.6.0)

cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =1.0.0b1, =0.0.2, =0.1.0, =0.1.0, =2.11.0, =4.3.0, =0.0.1, =9.0.5, =1.0.0, =0.1.0, =0.2.7 and more Source cves: CVE-2023-27586 Source advisory: OSV:PYSEC-2023-9...

9.9CVSS7.1AI score0.00722EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/03/20 3:23 p.m.6 views

CVE-2023-27586 CairoSVG improperly processes SVG files loaded from external resources

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9CVSS9.3AI score0.00722EPSS
Exploits0References4
CVE
CVE
added 2023/03/20 3:23 p.m.111 views

CVE-2023-27586

CVE-2023-27586 affects CairoSVG prior to 2.7.0, where Cairo could make requests to external hosts while processing SVGs. The underlying issue is external resource loading, enabling server-side request forgery (SSRF) and potential denial of service. The connected advisories confirm that version 2....

9.9CVSS8.1AI score0.00722EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/03/20 3:23 p.m.30 views

CVE-2023-27586 CairoSVG improperly processes SVG files loaded from external resources

CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...

9.9CVSS9.5AI score0.00722EPSS
Exploits0References4
Circl
Circl
added 2023/03/20 2:35 p.m.6 views

CVE-2023-27586

creationtimestamp| type| source ---|---|--- 2023-03-20 14:35:42+00:00| published-proof-of-concept| https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv 2023-03-20 21:04:15+00:00| seen| https://t.me/cibsecurity/60328...

9.9CVSS7.1AI score0.00722EPSS
Exploits0References2
Rows per page
Query Builder