284 matches found
SUSE SLES15 / openSUSE 15 Security Update : python-reportlab (SUSE-SU-2023:3972-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3972-1 advisory. - CVE-2019-19450: Fixed an issue which allowed remote code execution via startunichar in paraparser.py evaluating untrusted user input...
SUSE-SU-2023:3972-1 Security update for python-reportlab
This update for python-reportlab fixes the following issues: - CVE-2019-19450: Fixed an issue which allowed remote code execution via startunichar in paraparser.py evaluating untrusted user input. bsc1215560...
Debian: Security Advisory (DLA-3590-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3590 : python-renderpm - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3590 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3590-1 [email protected]...
[SECURITY] [DLA 3590-1] python-reportlab security update
Debian LTS Advisory DLA-3590-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin September 29, 2023 https://wiki.debian.org/LTS Package : python-reportlab Version : 3.5.13-1+deb10u2 CVE ID : CVE-2019-19450 CVE-2020-28463 Security issues were discovered in...
CVE-2019-19450
A code injection vulnerability was found in python-reportlab that may allow an attacker to execute code while parsing a unichar element attribute. An application that uses python-reportlab to parse untrusted input files may be vulnerable and could allow remote code execution. Mitigation Mitigatio...
SUSE CVE-2019-19450
paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
bookscrape (>=0.0.1.dev1 <=0.0.2b7), codeforlife-portal (>=1.1.1 <=2.28.1) +53 more potentially affected by CVE-2019-19450 via reportlab (>=3.1.44 <=3.5.26)
reportlab PYPI version =3.1.44, =0.0.1.dev1, =1.1.1, =0.7.0, =0.1.0, =0.0.2, =1.1.0, =2.7.0, =2.3.0.18073018, =2.3.0.18070609, =2.3.0.18070422, =0.1.0, =0.733.0, =0.736.0 and more Source cves: CVE-2019-19450 Source advisory: OSV:GHSA-PJ98-2XF6-CFF5...
GHSA-PJ98-2XF6-CFF5 ReportLab vulnerable to remote code execution via paraparser
paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
ReportLab vulnerable to remote code execution via paraparser
paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
DEBIAN-CVE-2019-19450
paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
CVE-2019-19450
paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
CVE-2019-19450
paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
Remote code execution
paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
CVE-2019-19450
paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
UBUNTU-CVE-2019-19450
paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
ReportLab Security Breach
ReportLab is an open source engine for creating data-driven PDF documents and custom vector graphics from ReportLab Denmark. A security vulnerability exists in ReportLab versions prior to 3.5.31, which stems from a remote code execution allowed by paraparser, where startunichar in paraparser.py...
CVE-2019-19450
paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...
PT-2023-6316
Name of the Vulnerable Software and Affected Versions ReportLab versions prior to 3.5.31 Description The issue is related to the start unichar function in paraparser.py, which incorrectly processes XML documents. This allows a remote attacker to execute arbitrary code by crafting a malicious XML...
CVE-2019-19450
CVE-2019-19450 affects the Python library python-reportlab (paraparser.py). A crafted XML document can cause remote code execution because start_unichar evaluates untrusted input in a element. Impact is high (as per CVSS in the entry). Remediation is to upgrade to a version where the issue is fi...